A new report published by cybersecurity solutions company Group-IB revealed that Inferno Drainer malware enabled cybercriminals to steal approximately $90 million in crypto from over 130,000 individuals last year.

What is Inferno Drainer?

According to The Hacker News, Inferno Drainer is a malware program that was previously available as a “scam-as-a-service (or drainer-as-a-service) model in exchange for a 20% cut of [customers’] earnings.” The article stated:

“The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year… The scheme ‘leveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers’ infrastructure that spoofed Web3 protocols to trick victims into authorizing transactions.’”

Customers could purchase Inferno Drainer between November 2022 and November 2023, and had the option to deploy it on sites created by Inferno’s developers or on their own phishing sites.

During that time, Inferno Drainer was downloaded and utilized across 16,000 unique domains, imitating over 100 different cryptocurrency brands. Cybercriminals used social media sites such as X (formerly Twitter) and Discord to share these malicious domains by pretending to offer users free crypto tokens. They would then proceed to “[drain users’] assets… once [they connected their wallets and] the transactions were approved.”

Group-IB analyst Viacheslav Shevchenko also commented on the findings:

“Another typical feature of phishing websites belonging to Inferno Drainer was that users cannot open website source code by using hotkeys or right-clicking on the mouse… This means that the criminals attempted to hide their scripts and illegal activity from their victims.”
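As an added illustration (not from Group-IB’s report or the article), the following heuristic scanner flags pages that combine the source-hiding behaviour described above with a wallet-connection and transaction-approval flow; the regex indicators and the two HTML samples are constructed for this example and are not real drainer code:

```python
import re

# Heuristics (constructed for this example) for the two traits the analyst
# describes: the page suppresses right-click / view-source hotkeys, and it
# asks the visitor to connect a crypto wallet and then approve a transaction.
INDICATORS = {
    "blocks_context_menu": re.compile(
        r"oncontextmenu\s*=\s*['\"]?\s*return\s+false|"
        r"addEventListener\(\s*['\"]contextmenu['\"]", re.I),
    "blocks_devtools_hotkeys": re.compile(
        r"keyCode\s*==+\s*123|key\s*==+\s*['\"]F12['\"]|"
        r"ctrlKey\s*&&.*?\b(?:keyCode\s*==+\s*85|key\s*==+\s*['\"]u['\"])", re.I | re.S),
    "requests_wallet": re.compile(
        r"eth_requestAccounts|window\.ethereum|solana\.connect", re.I),
    "requests_approval": re.compile(
        r"eth_sendTransaction|eth_signTypedData|personal_sign|setApprovalForAll", re.I),
}

def score_page(html: str) -> dict:
    """Return the matched indicators for one HTML document plus a verdict.
    The verdict is 'suspicious' only when the page both hides its source
    (context-menu or hotkey blocking) and drives a wallet interaction;
    either trait alone is common on legitimate sites."""
    hits = {name: bool(rx.search(html)) for name, rx in INDICATORS.items()}
    hides_source = hits["blocks_context_menu"] or hits["blocks_devtools_hotkeys"]
    wallet_flow = hits["requests_wallet"] or hits["requests_approval"]
    verdict = "suspicious" if hides_source and wallet_flow else "no-match"
    return {"indicators": [k for k, v in hits.items() if v], "verdict": verdict}

# Constructed samples: one page showing the described traits, one benign page.
SAMPLE_DRAINER_LIKE = """<html><body oncontextmenu="return false">
<script>
document.addEventListener('keydown', function(e){
  if (e.keyCode == 123 || (e.ctrlKey && e.keyCode == 85)) e.preventDefault();
});
async function claim(){
  await window.ethereum.request({method: 'eth_requestAccounts'});
  await window.ethereum.request({method: 'eth_sendTransaction', params: [tx]});
}
</script><button onclick="claim()">Claim free tokens</button></body></html>"""

SAMPLE_BENIGN = """<html><body><h1>Docs</h1>
<script>document.addEventListener('keydown', e => console.log(e.key));</script>
</body></html>"""

if __name__ == "__main__":
    for label, page in (("drainer-like", SAMPLE_DRAINER_LIKE), ("benign", SAMPLE_BENIGN)):
        print(label, score_page(page))
```

Run over archived copies of pages spread via social-media token offers, the combination of both traits is a useful triage signal, though a match still needs manual confirmation.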

Will 2024 be known as the ‘year of the drainer’?

While Inferno Drainer supposedly shut down at the end of 2023, it appears that its “user panel for cybercriminals” has not yet been deactivated. Additionally, Inferno Drainer isn’t the only ‘crypto drainer’ wreaking havoc. Rainbow Drainer malware recently impacted nearly 4,000 users of Solana (a Web3 infrastructure company), and the organization shared its thoughts with The Hacker News:

“We believe that the ‘X as a service’ model will continue to thrive, not least because it creates greater opportunities for less technically competent individuals [to try] their hand at becoming cybercriminals, and for developers, it is a highly profitable way to bolster their revenues.”

Group-IB’s team also shared its concern that “the success of Inferno Drainer could fuel the development of new drainers as well as lead to a surge in websites containing malicious scripts spoofing Web3 protocols,” noting 2024 could become the ‘year of the drainer.’